Sunday, March 17, 2013

Chitka pop up ads are truly annoying, lots of people have this issue, but the worse part is that these frequent intrusive pop-ups are caused by malicious software. What is Chitka? Honestly, I'm not quite sure what it is. I mean I couldn't find anything, any clue about it. Google search suggested Chitika which is a perfectly legitimate online advertising network and obviously has nothing do to with this malware. It sounds almost the same, though. Actually, I think that those who run the malware campaign did this on purpose. They probably try to mislead users.

The primary reason behind the creation and use of this malware is that it enables one to generate profit by forcing hits to specific websites and advertisements. At the same time, it might be used as marketing and commercial strategy for publicity purposes. One way or another, infected users who are getting a bunch of Chitka pop ups and redirects are not happy at all. What is more, they can't remove the culprit of this infection. That’s why I wrote a step-by-step guide on how to remove Chitka pop up virus and other pop-ups from your computer. Please follow the removal instructions below.

Many people are clueless on how they become victims of this malware. They just keep getting popups on their web browsers, sometimes bottom right corner but very often both. Here’s a good example:

Chitka pop up ad appears in the lower right corner of the browser window. And at the same time, in the lower left corner there's another fake pop-up claiming that your Flash Player is outdated. It says: Please install Flash Player HD to continue. Obviously, it's a scam. I've said this many times before – download and install Flash layer from the official website only.

Here’s another example of Chitka pop up:

This time only one pop-up but highly targeted one, because the malware gathered enough information about victim's interests and displayed the most relevant advertisement. Sometimes, it takes only a few minutes and keywords to select relevant enough ads and sometimes scammers simply display ads according to your location.

This last one shows the Facebook style pop up. That’s why some users say they got infected with Chitka/Facebook pop up ads.

Furthermore, this malware redirects users to malicious websites or web pages full of ads when they click links on the page they are browsing. Usually, Chitka pop ups cannot be closed. It simply doesn't have the small "X" to close it.

Chitka ads and redirect issue is not necessary the same for all users. From what I've seen, these popups and redirects are caused by malicious browser helper object and modified Windows Hosts file. I got the malware for testing purposes from an adult site. However, I'm pretty sure it's promoted via infected websites and may even come bundled with freeware. The malware installed a web browser extension called Flash Player Update 11.0 and modified Windows Hosts will so that certain websites were redirected through servers controlled by scammers. It is worth mentioning that the malicious web browser extension was locked which makes the removal a little bit challenging, at least for less computer savvy users. Besides, the extension name itself may stop some people from removing it. It looks like a legitimate extension and most users know that web browser use Flash Player plugins to display interactive content and Flash documents.

But I also found another sample of this malware and it actually came packed with ZeroAccess rootkit. So far, I’ve seen to possible culprits of Chitka pop-ups – a rootkit and a malicious web browser extensions + Hosts file modification. Maybe there are even more combinations but I couldn’t find them at the time I was researching this malware.

Last but not least, this malware affects all major web browsers: Google Chrome, Mozilla Firefox and Internet Explorer. I’m not sure if it works on Macs and Safari. Cross platform malware became very popular, so I wouldn’t be very surprised. To get rid of this malware completely you should use the tools recommend below.

Do you have any additional information or questions on the Chitka pop up virus? Post your comment or question below. Good luck and be safe online!

Chitka pop up ads removal instructions:

1. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.

2. Reset Windows HOSTS file.

Go to: C:\WINDOWS\system32\drivers\etc.
Double-click "hosts" file to open it. Choose to open with Notepad or any other text editor.

The Windows hosts file should look the same as in the image below (Windows XP). There should be only one line:

Internet Explorer:
1. Go to Tools → Manage Add-ons. If you have the latest version, simply click on the Settings button.
2. Select Toolbars and Extensions. Remove all add-ons that you didn't install or you believe may cause those annoying pop-ups to show up.

Blog Archive

Blogroll

Rate This Blog or Leave a Review

About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

DisclaimerThis is a self-help guide. Use at your own risk. Deletemalware.blogspot.com can not be held responsible for problems that may occur by using this information.

About the blogThis blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.